Unsolved
This post is more than 5 years old
3 Posts
0
1501
May 24th, 2018 12:00
sudo file getting ovewritten
We have created a script that enables our ServiceDesk to close OPEN files on Isilon.
We did not want to use a root level account.
We created a custom Role=CloseSMB and gave it these privileges:
Console
Platform API
SSH
SMB
Namespace Traverse
Namespace Access
We created a local account called "Closer" and added it to our CloseSMB role.
The account could not run isi_for_array until we gave it some sudo rights and nopasswrd required
We added to sudo:
Closer ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array, /usr/bin/isi
We added to all nodes in cluster.
The script worked.
I went in the GUI to check on CloseSMB privileges.
A few minutes later I was doing some more testing and the script failed.
Something took out our line:
Closer ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array, /usr/bin/isi
How do we edit sudo and make it stick?
Elias
Yan_Faubert
117 Posts
0
May 25th, 2018 08:00
This is the command to add your custom sudo configuration:
isi_visudo -f /etc/mcp/override/sudoers
AdamFox
254 Posts
0
May 25th, 2018 08:00
Also, you should not need Namespace Traverse or Namespace Access to do what you want to do here.